Browse Source

Patches: Break HTTP codes, disable Apache HTML error page

master
Pekka Helenius 3 years ago
committed by GitHub
parent
commit
c3749c6c4e
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 80 additions and 0 deletions
  1. +46
    -0
      patches/patch_apache_break_http_code_standard.patch
  2. +34
    -0
      patches/patch_apache_disable_html_errormsg.patch

+ 46
- 0
patches/patch_apache_break_http_code_standard.patch View File

@ -0,0 +1,46 @@
Author: Pekka Helenius (~Fincer), 2018
This is an experimental patch, just introducing the principle of manipulating HTTP header response codes returned by Apache HTTP server to a client. The patch is mainly for personal use, nothing else. If you see it worth it, feel free to use it. And absolutely, feel free to modify it! If you see it just awful, ignore it. Thanks.
The patch breaks HTTP standard by altering HTTP header response codes generated by Apache HTTP server. Generated codes are:
If client request generates HTTP response code 401, the server returns error code 401.
If client request generates HTTP response code 401->, the server returns error code 400.
If client request generates HTTP response code 500->, the server returns error code 400 instead.
Any other codes (100-308) will be returned normally, including 200 OK message.
Remember to comment any unsupported ErrorDocument fields from your VirtualHost configurations before starting the server with this patch applied.
All Apache HTTP response codes are listed in 'modules/http/http_protocol.c' file.
This patch may break things badly, just be aware and proceed with care! Thanks.
--- a/modules/http/http_protocol.c
+++ b/modules/http/http_protocol.c
@@ -1003,7 +1003,20 @@ AP_DECLARE(int) ap_index_of_response(int
if (status < 100) {
pos = (status + shortcut[i]);
if (pos < shortcut[i + 1] && status_lines[pos] != NULL) {
- return pos;
+ if (shortcut[i] == LEVEL_400) {
+ if (pos != (1 + shortcut[i])) {
+ return (0 + shortcut[i]);
+ }
+ else {
+ return pos;
+ }
+ }
+ else if (shortcut[i] == LEVEL_500) {
+ return (shortcut[i - 1]);
+ }
+ else {
+ return pos;
+ }
}
else {
return LEVEL_500; /* status unknown (falls in gap) */

+ 34
- 0
patches/patch_apache_disable_html_errormsg.patch View File

@ -0,0 +1,34 @@
Author: Pekka Helenius (~Fincer), 2018
Patch: Remove error HTML body from Apache server output message.
Removes additional error messages as well.
Do not give any hints about existence of Apache ErrorDocument to the client.
This patch is useful in some cases but can bury underneath problems in server
configuration. Thus, use discretion before implementing the patch
in your Apache server.
This patch removes default error pages returned by an erroneous HTTP request.
If you need to use error pages, customize them in your Apache configs with ErrorDocument.
--- a/modules/http/http_protocol.c
+++ b/modules/http/http_protocol.c
@@ -1531,7 +1531,7 @@ AP_DECLARE(void) ap_send_error_response(
/* can't count on a charset filter being in place here,
* so do ebcdic->ascii translation explicitly (if needed)
*/
-
+/*
ap_rvputs_proto_in_ascii(r,
DOCTYPE_HTML_2_0
"<html><head>\n<title>", title,
@@ -1549,7 +1549,7 @@ AP_DECLARE(void) ap_send_error_response(
"ErrorDocument to handle the request.</p>\n", NULL);
}
ap_rvputs_proto_in_ascii(r, ap_psignature("<hr>\n", r), NULL);
- ap_rvputs_proto_in_ascii(r, "</body></html>\n", NULL);
+ ap_rvputs_proto_in_ascii(r, "</body></html>\n", NULL);*/
}
ap_finalize_request_protocol(r);
}

Loading…
Cancel
Save